According to Foresight News, the Safe team has reviewed the security incident mentioned in Radiant Capital's post-incident report. The review highlighted that while the Safe{Wallet} frontend functioned normally, external devices were compromised during the signing process. This allowed hackers to alter transaction data and trick signers into approving malicious transactions. The Safe team emphasized the risks associated with blind signing, where users approve transactions without fully viewing the details, particularly when using hardware wallets.
To address this issue, Safe recommends using multiple signing devices from different vendors, such as a combination of Ledger and Trezor, and connecting these devices through trusted interfaces to enhance transaction visibility and security. Additionally, Safe is exploring technologies like conditional signatures to provide more contextual information without compromising security. The team is also considering calculating the hashes that Ledger devices display directly within its interface, so that users can check that the hash shown on their hardware wallet matches the one shown in the interface.
The Safe team stressed the need for collaboration within the ecosystem to resolve the blind signing problem. They committed to working with hardware wallet providers and the community to improve transaction and message signing processes.